1 \chapter{Console Configuration}
2 \label{ConsoleConfChapter}
3 \index[general]{Configuration!Console}
4 \index[general]{Console Configuration}
7 \index[general]{General}
9 The Console configuration file is the simplest of all the configuration files,
10 and in general, you should not need to change it except for the password. It
11 simply contains the information necessary to contact the Director or
14 For a general discussion of the syntax of configuration files and their
15 resources including the data types recognized by {\bf Bacula}, please see
16 the \ilink{Configuration}{ConfigureChapter} chapter of this manual.
18 The following Console Resource definition must be defined:
20 \section{The Director Resource}
21 \label{DirectorResource3}
22 \index[general]{Director Resource}
23 \index[general]{Resource!Director}
25 The Director resource defines the attributes of the Director running on the
26 network. You may have multiple Director resource specifications in a single
27 Console configuration file. If you have more than one, you will be prompted to
28 choose one when you start the {\bf Console} program.
32 \index[console]{Director}
33 Start of the Director directives.
35 \item [Name = \lt{}name\gt{}]
37 The director name used to select among different Directors, otherwise, this
40 \item [DIRPort = \lt{}port-number\gt{}]
42 Specify the port to use to connect to the Director. This value will most
43 likely already be set to the value you specified on the {\bf
44 \lstinline:--:with-baseport} option of the {\bf ./configure} command. This port must be
45 identical to the {\bf DIRport} specified in the {\bf Director} resource of
46 the \ilink{Director's configuration}{DirectorChapter} file. The
47 default is 9101 so this directive is not normally specified.
49 \item [Address = \lt{}address\gt{}]
51 Where the address is a host name, a fully qualified domain name, or a network
52 address used to connect to the Director.
54 \item [Password = \lt{}password\gt{}]
56 Where the password is the password needed for the Director to accept the
57 Console connection. This password must be identical to the {\bf Password}
58 specified in the {\bf Director} resource of the
59 \ilink{Director's configuration}{DirectorChapter} file. This
60 directive is required.
63 An actual example might be:
69 address = rufus.cats.com
70 password = xyz1erploit
75 \section{The ConsoleFont Resource}
76 \index[general]{Resource!ConsoleFont}
77 \index[general]{ConsoleFont Resource}
79 The ConsoleFont resource is available only in the GNOME version of the
80 console. It permits you to define the font that you want used to display in
81 the main listing window.
86 \index[console]{ConsoleFont}
87 Start of the ConsoleFont directives.
89 \item [Name = \lt{}name\gt{}]
93 \item [Font = \lt{}Pango Font Name\gt{}]
95 The string value given here defines the desired font. It is specified in the
96 Pango format. For example, the default specification is:
100 Font = "LucidaTypewriter 9"
106 Thanks to Phil Stracchino for providing the code for this feature.
108 An different example might be:
114 Font = "Monospace 10"
119 \section{The Console Resource}
120 \label{ConsoleResource}
121 \index[general]{Console Resource}
122 \index[general]{Resource!Console}
124 There are three different kinds of consoles, which the administrator or
125 user can use to interact with the Director. These three kinds of consoles
126 comprise three different security levels.
129 \item The first console type is an {\bf anonymous} or {\bf default}
130 console, which has full privileges. There is no console resource
131 necessary for this type since the password is specified in the Director
132 resource. Typically you would use this {\bf anonymous} console
133 only for administrators.
135 \item The second type of console is a
136 "named" or "restricted" console defined within a Console resource in
137 both the Director's configuration file and in the Console's
138 configuration file. Both the names and the passwords in these two
139 entries must match much as is the case for Client programs.
141 This second type of console begins with absolutely no privileges except
142 those explicitly specified in the Director's Console resource. Note,
143 the definition of what these restricted consoles can do is determined
144 by the Director's conf file.
146 Thus you may define within the Director's conf file multiple Consoles
147 with different names and passwords, sort of like multiple users, each
148 with different privileges. As a default, these consoles can do
149 absolutely nothing -- no commands what so ever. You give them
150 privileges or rather access to commands and resources by specifying
151 access control lists in the Director's Console resource. This gives the
152 administrator fine grained control over what particular consoles (or
155 \item The third type of console is similar to the above mentioned
156 restricted console in that it requires a Console resource definition in
157 both the Director and the Console. In addition, if the console name,
158 provided on the {\bf Name =} directive, is the same as a Client name,
159 the user of that console is permitted to use the {\bf SetIP} command to
160 change the Address directive in the Director's client resource to the IP
161 address of the Console. This permits portables or other machines using
162 DHCP (non-fixed IP addresses) to "notify" the Director of their current
167 The Console resource is optional and need not be specified. However, if it is
168 specified, you can use ACLs (Access Control Lists) in the Director's
169 configuration file to restrict the particular console (or user) to see only
170 information pertaining to his jobs or client machine.
172 You may specify as many Console resources in the console's conf file. If
173 you do so, generally the first Console resource will be used. However, if
174 you have multiple Director resources (i.e. you want to connect to different
175 directors), you can bind one of your Console resources to a particular
176 Director resource, and thus when you choose a particular Director, the
177 appropriate Console configuration resource will be used. See the "Director"
178 directive in the Console resource described below for more information.
180 Note, the Console resource is optional, but can be useful for
181 restricted consoles as noted above.
185 \index[console]{Console}
186 Start of the Console resource.
188 \item [Name = \lt{}name\gt{}]
189 \index[console]{Name}
190 The Console name used to allow a restricted console to change
191 its IP address using the SetIP command. The SetIP command must
192 also be defined in the Director's conf CommandACL list.
195 \item [Password = \lt{}password\gt{}]
196 \index[console]{Password}
197 If this password is supplied, then the password specified in the
198 Director resource of you Console conf will be ignored. See below
201 \item [Director = \lt{}director-resource-name\gt{}]
202 If this directive is specified, this Console resource will be
203 used by bconsole when that particular director is selected
204 when first starting bconsole. I.e. it binds a particular console
205 resource with its name and password to a particular director.
207 \item [Heartbeat Interval = \lt{}time-interval\gt{}]
208 \index[console]{Heartbeat Interval}
209 \index[console]{Directive!Heartbeat}
210 This directive is optional and if specified will cause the Console to
211 set a keepalive interval (heartbeat) in seconds on each of the sockets
212 to communicate with the Director. It is implemented only on systems
213 (Linux, ...) that provide the {\bf setsockopt} TCP\_KEEPIDLE function.
214 The default value is zero, which means no change is made to the socket.
219 The following configuration files were supplied by Phil Stracchino. For
220 example, if we define the following in the user's bconsole.conf file (or
221 perhaps the bwx-console.conf file):
229 Password = "XXXXXXXXXXX" # no, really. this is not obfuscation.
234 Name = restricted-user
235 Password = "UntrustedUser"
240 Where the Password in the Director section is deliberately incorrect, and the
241 Console resource is given a name, in this case {\bf restricted-user}. Then
242 in the Director's bacula-dir.conf file (not directly accessible by the user),
248 Name = restricted-user
249 Password = "UntrustedUser"
250 JobACL = "Restricted Client Save"
251 ClientACL = restricted-client
252 StorageACL = main-storage
255 FileSetACL = "Restricted Client's FileSet"
256 CatalogACL = DefaultCatalog
262 the user logging into the Director from his Console will get logged in as {\bf
263 restricted-user}, and he will only be able to see or access a Job with the
264 name {\bf Restricted Client Save} a Client with the name {\bf
265 restricted-client}, a Storage device {\bf main-storage}, any Schedule or Pool,
266 a FileSet named {\bf Restricted Client's FileSet}, a Catalog named {\bf
267 DefaultCatalog}, and the only command he can use in the Console is the {\bf
268 run} command. In other words, this user is rather limited in what he can see
271 The following is an example of a bconsole conf file that can access
272 several Directors and has different Consoles depending on the director:
280 Password = "XXXXXXXXXXX" # no, really. this is not obfuscation.
284 Name = SecondDirector
286 Address = secondserver
287 Password = "XXXXXXXXXXX" # no, really. this is not obfuscation.
291 Name = restricted-user
292 Password = "UntrustedUser"
293 Director = MyDirector
297 Name = restricted-user
298 Password = "A different UntrustedUser"
299 Director = SecondDirector
304 The second Director referenced at "secondserver" might look
310 Name = restricted-user
311 Password = "A different UntrustedUser"
312 JobACL = "Restricted Client Save"
313 ClientACL = restricted-client
314 StorageACL = second-storage
317 FileSetACL = "Restricted Client's FileSet"
318 CatalogACL = RestrictedCatalog
319 CommandACL = run, restore
327 \section{Console Commands}
328 \index[general]{Console Commands}
329 \index[general]{Commands!Console}
331 For more details on running the console and its commands, please see the
332 \bsysxrlink{Bacula Console}{_ConsoleChapter}{console}{chapter} of the \consoleman{}.
334 \section{Sample Console Configuration File}
335 \label{SampleConfiguration2}
336 \index[general]{File!Sample Console Configuration}
337 \index[general]{Sample Console Configuration File}
339 An example Console configuration file might be the following:
344 # Bacula Console Configuration File
348 address = "my_machine.my_domain.com"
349 Password = Console_password